Get your copy of the definitive guide to threat intelligence.
We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.
May 7, 2019.
Global Cyber Innovation Summit
Some warnings last week in Baltimore about the supply chain. It may be wise to assume hardware's compromised, and as for software, the industry as a whole hasn't come to grips with the implications of the very widespread use of open source code. What of the problem of the "malicious committer?" Security industry leaders and venture capitalists closely engaged with them shared some thoughts.
We continue the CyberWire's coverage of the inaugural Global Cyber Innovation Summit in this and coming issues.
By the CyberWire staff
Symantec reports that the "Buckeye" group has obtained NSA cyber attack tools and used them against a variety of targets, including several US allies. Symantec doesn't call Buckeye Chinese intelligence services, but as close to everybody else does as to make no difference. The tools' use apparently antedates the ShadowBrokers' leaks by about a year, and there's speculation, the New York Times reports, that the code was captured and reverse-engineered when it was employed against Chinese networks.
Israel's airstrike against a Hamas cyber operations center continues to be seen by many as a radical shift in the nature of combat. ("The future is here and it features hackers getting bombed," as Foreign Policy puts it.) WIRED's more nuanced discussion sees the novelty in the near-real-time retaliation, and its public avowal by the Israeli government. But consider that, as cyber operations and electronic warfare converge, whether Gaza strike might be more like hitting an enemy jammer than something altogether new under the sun.
Not all retaliation is kinetic. Sometimes you jam the enemy emitter. Facebook just did so this week, taking down ninety-seven groups, pages, and accounts in an action against Russian "coordinated inauthenticity" deployed against Ukraine.
Don't tell Thanos, but Threatpost says a sketchy Avengers Endgame themed site that promises downloads of the movie is actually involved in credential harvesting. Don't go there; you don't want to get dusted.
Recorded Future takes a demystifying look at the dark web. There's bad stuff there, but it's a lot smaller than Mordor.
Today's issue includes events affecting Belgium, China, Congo, India, Ireland, Luxembourg, Philippines, Russia, Ukraine, United Kingdom, United States, Venezuela, and Vietnam.
Bring your own context.
Suppose you were to present a study of a company's cybersecurity posture to its board, as requested and required, complete with the usual dismaying findings--unpatched systems, default passwords, supply chain mishaps, various human errors--and the board thanked you, recessed briefly, returned, and told you your budget request was denied. Why would this happen? Here's why it happened on one occasion.
"Afterwards, the CEO and the CFO came down. And we sat down, having a side meeting to talk about what happened. And I think this was the most important realization, and it was when the CEO had said, 'Your presentation was great. You really conveyed the threat landscape. But there was one major thing missing. You never talked about how you're going to help the business.' And they said, 'We know how important cybersecurity is. We know how important it is for the business to improve and invest in the right areas. However, we really need it to work. And that's why we're having this conversation.'" Joseph Carson, chief security scientist and advisory CISO at Thycotic, on the CyberWire Daily Podcast, 5.3.19.
The board's language is business, and for some CISOs it can be at best a second language.
The CISO's ultimate guide to AppSec: 11 essential best practices you should know
By now, we are all too aware of the consequences of a data breach: brand damage, loss of customer confidence, potentially costly litigation, regulatory fines, and more. But most organizations aren’t as familiar with how to prevent these attacks. This guide highlights 11 data security best practices to minimize risk and protect your data.
And Recorded Future's Threat Intelligence Podcast, produced in partnership with the CyberWire, is also up. In this episode, "A Fresh Take on Defining Threat Intelligence," Levi Gundert and Allan Liska provide a refresher on threat intelligence, including how they have come to describe it and what, exactly, it is and is not.
Cybersecurity Impact Awards(Arlington, Virginia, United States, May 14, 2019) Winners of the Cybersecurity Impact Awards will be announced and recognized at the May 14, 2019 CYBERTACOS event. The event will start at 5:30 p.m. and the award presentation will begin at 6:00 p.m.! Join us afterwards for tacos and networking!
Cyber Investing Summit(New York City, New York, United States, May 16, 2019) The Cyber Investing Summit is a conference focused on financial opportunities and strategies in the cybersecurity sector. Join key decision makers, investors, and innovators to network, learn, and develop new partnerships May 16th in NYC. More information: www.cyberinvestingsummit.com.
Cyber Security Summits: May 16 in Dallas and in Seattle on June 25th(Dallas, Texas, United States, May 16 - June 25, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The FBI, U.S. Secret Service, Verizon, Center for Internet Security, and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Passes are limited, secure yours today: www.CyberSummitUSA.com
Uniting Women in Cyber(Arlington, VA, United States, May 17, 2019) Join us as we celebrate the women in today’s cybersecurity ecosystem at the Uniting Women in Cyber Symposium on May 17, 2019! This full-day event features dynamic women speakers discussing the future of tech, cybersecurity and business. Network among 300–400 business and technical professionals and attend our awards reception recognizing women in tech and business.
DreamPort Event: Tech Talk Series: How DevOps and Automation Can Accelerate Warfighting Readiness(Columbia, Maryland, United States, June 19, 2019) Come hear NetApp's own DevOps journey and lessons learned and see how NetApp has equipped large enterprises to change fast and manage risk, with its deep integration with DevOps tools. In this interactive demonstration and discussion, NetApp will guide conversation towards a DevSecOps vision that can be realized immediately with capabilities that are available today to Defense Department developers.
DreamPort Event: RPE- 006: The Defense at Pemberton Mill(Columbia, Maryland, United States, June 21, 2019) DreamPort, in conjunction with the Maryland Innovation & Security Institute and USCYBERCOM is hosting RPE -006: The Defense at Pemberton Mill. For this event, we'll be looking for solutions that monitor a fictitious network for vulnerabilities and detect attacks in progress. We want participants to bring solutions for monitoring both information technology (IT) and operational technology (OT) networks both in live (with network taps) and offline (PCAP) mode. This event is June 21.
Israel Bombs Building as Retaliation for Hamas Cyber Attack(BleepingComputer) The Israel Defense Forces (IDF) announced that a building used by Hamas cyber operatives was bombed on Saturday as part of a joint retaliation operation with the Israel Security Agency (Shin Bet) and Unit 8200 of Military Intelligence, following a failed cyber attack against Israel.
Old Scams Getting New Life in the Cloud(Netskope) Netskope Threat Research Labs has recently discovered a new technique being used by scammers to reach potential victims: send emails and SMS messages that include links to common services, such as AWS, Azure, Alibaba cloud, and Google Docs. We have seen this technique used for well-known scams, like fake pharmacies, dating sites, and tech support, …
WordPress 5.2 to Come with Supply-Chain Attack Protection(BleepingComputer) The WordPress 5.2 build which will be released today will ship with offline digital signatures for all core updates as a defense measure against possible supply-chain attacks, with support for themes, plugins, and translations to be delivered at a later date.
Amazon to Disable S3 Path-Style Access Used to Bypass Censorship(BleepingComputer) Amazon announced in a post on the Amazon Simple Storage Service (S3) forum that the company will deprecate path-style API requests (used by many to circumvent censorship) starting with September 30, only keeping support for the virtual-hosted style request format.
Protecting democratic elections through secure, verifiable voting - Microsoft on the Issues(Microsoft on the Issues) Today, at the Microsoft Build developer conference, CEO Satya Nadella announced ElectionGuard, a free open-source software development kit (SDK) from our Defending Democracy Program. ElectionGuard will make voting secure, more accessible, and more efficient anywhere it’s used in the United States or in democratic nations around the world. ElectionGuard, developed with the assistance of our...
Air Force and Akamai Zero in on Zero Trust(Meritalk) While few can pronounce the Air Force CTO's name – zero can spell it – which leads us in nicely to Frank Konieczny's presentation on Zero Trust at Akamai’s event on Tuesday, April 30, “Zero Trust: Moving Beyond Perimeter Security.”
US, Russia butt heads over Venezuela(AFP) US Secretary of State Mike Pompeo pressed Sunday for Russia to get out of Venezuela, while his Russian counterpart, Sergei Lavrov, called on Washington to "abandon its irresponsible plans" in the crisis-wracked country.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
TechNet Cyber(Baltimore, Maryland, USA, May 14 - 16, 2019) TechNet Cyber 2019, formerly the Defensive Cyber Operations Symposium, will be the staging area for military, industry and academia to discuss and plan how to achieve persistent engagement, persistent...
Cybertech Midwest 2019(Indianapolis, Indiana, USA, April 24 - July 25, 2019) Cybertech is the cyber industry’s foremost B2B networking platform featuring cutting-edge content by top executives, government officials, and leading decision-makers from the world of cyber. Our Cybertech...
SecureWorld Kansas City(Kansas City, Missouri, USA, May 8, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event...
RiskSec 2019(Philadelphia, Pennsylvania, USA, May 8, 2019) RiskSec 2019 will provide insights from thought leaders across various industries, focusing on the most significant issues that CISOs and other security professionals face every day. Learn about new approaches...
Digital Utilities Europe 2019(London, England, UK, May 8 - 9, 2019) Following three successful editions of ACI’s Digital Utilities Europe Summit, the 4th edition will be taking place in London, United Kingdom on 8th-9th May 2019. The conference will bring together key...
Secutech 2019(Taipei, Taiwan, May 8 - 10, 2019) As the largest regional business platform for professionals in the security, mobility, building automation and fire safety solution sectors, Secutech is the annual gathering place for key players from...
SPONSOR & SUPPORT
Grow your brand and reach new customers.
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.